Due to a centralized software marketplace such as “Google Play” operating on an Android platform included in a smart phone, in addition to implementing a conventional mechanism applied to a personal computer, applications on the smart phone also adopt a code signing mechanism for software security protections of the smart phone. That is, an application to be executed on a smart phone can only be executed given that the application is signed. Thus, it is not only ensured that the application is unmodified but also proven that a developer of the application is verified by the software marketplace. Further, applications on a smart phone cannot be freely acquired and distributed as those in a personal computer. More specifically, as installation processes and post-installation stages of applications on a smart phone are protected, the applications cannot be arbitrarily duplicated and propagated.
Although the protection mechanism for a smart phone is much stricter than that of a personal computer, a software cracker is still able to illegally acquire a protected application after eluding system loopholes and obtaining a root of the smart phone or jailbreaking. The cracker may then add malicious code to the acquired application, make appropriate modifications to generate a new code signature and repackage the modified application. Such cracking approach that modifies an application or adds malicious code via a software signature, repacks the modified application, and distributes the repacked application is referred to as “repackage”. The repackaged application is then released to a software marketplace or placed at a piracy software website or forum, and then downloaded and installed by uninformed users, so as to propagate malware.
The repackaging frequently occurs on the Android platform since a cracker can sign a cracked application again after modifying or implanting the cracked application with malicious code. Related reports have indicated that, malware on the Google Android platform in the second half of 2011 grows at an average increasing rate of 60% monthly, with most of the malware being repackaged and distributed through marketplaces and Internet forums. Therefore, the protection against malware for the Android platform is a critical issue of computing environment security.